Josip Rodin <[email protected]> wrote: > >> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis, >> ldap_login1-LDAP-Group == it-switch-admin >> DEFAULT NAS-Identifier == switch, Huntgroup-Name == allied-telesis, >> ldap_login2-LDAP-Group == it-switch-admin >> >> instantiate { >> ldap_login1 >> ldap_login2 > > This sounds like you're comparing attributes called "ldap_login1-LDAP-Group" > and "ldap_login2-LDAP-Group". Presumably these are generated with those > distinct names, by your two LDAP module instances. > > How do the definitions of those two look like? > IOW have you tried using a common LDAP attribute map in both? > http://wiki.freeradius.org/Rlm_ldap#Group_Support
Cheers -- Alexander Clouter .sigmonster says: Screw up your courage! You've screwed up everything else. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
